Iowa state court officials contracted with Coalfire to conduct "penetration tests" on its security; as part of those tests, two Coalfire employees broke-and-entered the Adel, Iowa courthouse, and were caught by law-enforcement, whose bosses in Dallas County were not notified of the test.
The state has apologized to the county, but the two Coalfire employees were still in jail as of this writing.
As Sean Gallagher points out at Ars Technica, penetration testers often have broadly defined scopes of work for their engagements, and this highlights the risk of a brief that essentially goes, "Just do what it takes to figure out if criminals could compromise our security."
State court administration (SCA) is aware of the arrests made at the Dallas County Courthouse early in the morning on September 11, 2019. The two men arrested work for a company hired by SCA to test the security of the court’s electronic records. The company was asked to attempt unauthorized access to court records through various means to learn of any potential vulnerabilities. SCA did not intend, or anticipate, those efforts to include the forced entry into a building. SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff’s Office and Dallas County Attorney as they pursue this investigation. Protecting the personal information contained in court documents is of paramount importance to SCA and the penetration test is one of many measures used to ensure electronic court documents are secure.
Check the scope: Pen-testers nabbed, jailed in Iowa courthouse break-in attempt [Sean Gallagher/Ars Technica]
Runa Sandvik (previously) is a legendary security researcher who spent many years as a lead on the Tor Project; in 2016, the New York Times hired her as "senior director of information security" where she was charged with protecting the information security of the Times's newsroom, sources and reporters. Yesterday, the Times fired her, eliminating […]
Japan's Henn na Hotel chain, owned by the HIS Group, uses "bed-facing Tapia robots" in its rooms; these robots turn out to be incredibly insecure: you can update them by pairing with them using a NFC sensor at the backs of their heads. The robots do not check the new code for cryptographic signatures, meaning […]
In 2017, Equifax admitted that it had doxed America by leaking the nonconsensual dossiers it builds on the nation, covering up the info while its key employees sold off their stock, and then repeatedly lying about the scope of the breach.
If you’re just jumping into app development for Apple’s devices, you’ve picked a heady time. The new iOS 13 has a ton of new features: A versatile SwiftUI language, a boosted role for Siri and a more robust Photos app, just to name a few. And if you’re making the transition from iOS 12? Get […]
Most people don’t spare a lot of thought on the potting for their plants. Perhaps something with a color that matches the walls, but that’s as far as it goes. After all, the plants don’t care what they’re wearing. Do they? Actually, they might. As eye-catching as the AIRSAI Floating Bonsai Plant Pot is, its […]
With the gains real estate has made over stocks in the past 25 years, it’s easy to see why the rich constantly use it to expand their wealth. What’s slightly less obvious is why only the rich seem to ever break into real estate investment. There are a lot of reasons, but a couple of […]